When I run ./prowler -c check124 I get the following error:
(....some lines deleted....)
1.24 Ensure IAM policies that allow full ":" administrative privileges are not created (Scored)
INFO! Looking for custom policies: (skipping default policies - it may take few seconds...)
usage: aws [options] [ ...] [parameters]
To see help text, you can run:
aws help
aws help
aws help
Unknown options: v3
When I run this with bash -x I get:
POLICY_VERSION='v2
v3'
++ /usr/bin/aws iam get-policy-version --output text --policy-arn arn:aws:iam::123456789012:policy/myrole --version-id v2 v3 --query 'PolicyVersion.Document.Statement[?Effect == '''Allow''' && contains(Resource, '''''') && contains (Action, '''''')]' --profile default --region us-east-1
usage: aws [options] [ ...] [parameters]
To see help text, you can run:
aws help
aws help
aws help
Unknown options: v3
Looks like a bug with this line:
POLICY_VERSION=$($AWSCLI iam list-policies --profile $PROFILE --region $REGION --query 'Policies[*].[Arn,DefaultVersionId]' --output text|grep -w $policy |awk '{ print $2}')
If there are two policies:
arn:aws:iam::123456789012:policy/mypolicy - which is v2
arn:aws:iam::123456789012:policy/mypolicy2 - which is v3
It will produce POLICY_VERSION='v2
v3'
Change line to:
POLICY_VERSION=$($AWSCLI iam list-policies --profile $PROFILE --region $REGION --query 'Policies[*].[Arn,DefaultVersionId]' --output text|grep -P "$policy\t" |awk '{ print $2}')
Thanks @zorangagic good catch!
The command you suggested only works with Linux and doesn't work on BSD grep, because -P is an option for GNU grep only.
I have tested in OSX with two policies:
arn:aws:iam::123456789:policy/CustomPolicy - which is v18
arn:aws:iam::123456789:policy/CustomPolicy1 - which is v1
arn:aws:iam::123456789:policy/CustomPolicy2 - which is v1
And it works with the existing command in OSX.
Can you try with grep -w "$policy" instead of grep -w $policy? If it doesn't work we can add an if depending on Linux or OSX to add grep -P.
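A portable way to do the exact-match lookup discussed in this thread, shown as an added example that is not part of the original issue or of Prowler's code. It assumes `$policy` holds the full policy ARN (as in the `bash -x` trace); the sample `list-policies` output, the `-readonly` policy name and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed stand-in for:
#   aws iam list-policies --query 'Policies[*].[Arn,DefaultVersionId]' --output text
# Output is tab-separated: Arn <TAB> DefaultVersionId. Account id and names are made up.
sample_policies() {
  printf '%s\t%s\n' \
    'arn:aws:iam::123456789012:policy/mypolicy' 'v2' \
    'arn:aws:iam::123456789012:policy/mypolicy-readonly' 'v3'
}

# Lookup shaped like the reported line: word match anywhere on the line.
# grep -w treats '-' as a non-word character, so an ARN that is followed by
# "-readonly" still counts as a whole-word match and two lines come back.
version_grep_w() {
  sample_policies | grep -w "$1" | awk '{ print $2 }'
}

# Hypothetical replacement: exact string comparison on the first field.
# No regex and no GNU-only flag, so it behaves the same with GNU and BSD tools.
# The ARN is passed through the environment so awk does not interpret
# backslash escapes in it, as it would for a -v assignment.
version_exact() {
  sample_policies | ARN="$1" awk -F '\t' '$1 == ENVIRON["ARN"] { print $2 }'
}

# Guard before handing the value to --version-id: anything other than one
# token of the form v<digits> means the lookup was ambiguous or empty.
is_single_version() {
  case "$1" in
    v[0-9]*) ;;
    *) return 1 ;;
  esac
  [ "$(printf '%s\n' "$1" | wc -l | tr -d ' ')" = "1" ]
}

policy='arn:aws:iam::123456789012:policy/mypolicy'
for lookup in version_grep_w version_exact; do
  POLICY_VERSION=$($lookup "$policy")
  if is_single_version "$POLICY_VERSION"; then
    echo "$lookup: ok, --version-id $POLICY_VERSION"
  else
    echo "$lookup: ambiguous result, refusing to call get-policy-version"
  fi
done
```

Quoting `"$POLICY_VERSION"` at the call site would also keep a multi-line value from being split into extra arguments, but the single-version guard is what stops the check from querying the wrong version.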